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DETAILED ACTION 

1 . This is in response to the amendment filed on 25 May 2005. 

2. Claims 1-44 are pending in the application. 

3. Claims 1-44 have been rejected. 

Response to Amendment 

4. The applicant has amended claim 30 to depend upon claim 29. There is no longer insufficient 
antecedent basis in this claim. The examiner withdraws claim rejection under 35 U.S.C. 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1-44 have been considered but are moot in view 
of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claim 39 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

The preamble of claim 39 recites the claim as an apparatus and as a method. This is 
improper. For the sake of examining, the examiner assumes that claim 39 is an apparatus claim. 



Application/Control Number: 10/600,121 
Art Unit: 2131 



Page 3 



Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7. Claims 1, 2, 5-12, 16-18, 21-28 and 32 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Lin et al U.S. Patent No. 6,052,785. 

As to claim 1, Lin et al discloses an apparatus for proving authentication when a user is 
not present, the apparatus comprising: 

a Web service client coupled to a service provider [column 2, lines 41-62]; 
a Web service provider [column 2, lines 41-62]; and 
a discovery service [column 2, lines 41-62]; 
wherein: 

the Web service client, the service provider, the Web service 
provider, and the discovery service agree to work with each other [column 
2 line 63 to column 3 line 4]; and 

the Web service provider is configured in such a way such that the 
calling Web service client must prove that it has permission to request a 
service from the Web service provider when a live authenticated session 
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of the user with the Web service client is not present [column 8, lines 10- 
56]. 

As to claims 2 and 18, Lin et al discloses that the Web service client comprises an 
assertion [column 7, lines 10-41]. Lin et al discloses the assertion comprising a statement that 
the user has an authenticated session [column 7, lines 10-41]. 

As to claims 5 and 21, Lin et al discloses that the statement comprises, but is not limited 
to, the following information: 

a system entity that made the assertion [column 7, lines 10-41]; 
a system entity making a request [column 7, lines 10-41]; 
a system entity relying on the assertion [column 7, lines 10-41]; and 
a name identifier of the user in a namespace of the system entity that made 
the assertion to the system entity relying on the assertion [column 7, lines 10-41]. 
As to claims 6 and 22, Lin et al discloses that the system entity making the assertion is an 
identity provider of the discovery service [column 7 line 48 to column 8 line 8]. 

As to claims 7 and 23, Lin et al discloses that the system entity making a request is the 
Web service client [column 8, lines 18-37]. 

As to claims 8 and 24, Lin et al discloses that the system entity relying on the assertion is 
the Web service provider [column 8, lines 18-37]. 

As to claims 9 and 25, Lin et al discloses that the asserting party is the Web service client 
and the relying party is the Web service provider [column 8, lines 18-37]. 

As to claims 10 and 26, Lin et al discloses that the statement is included in an extended 
assertion that is given to the service provider at time of authentication [column 5, lines 35-56]. 
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As to claims 1 1 and 27, Lin et al discloses the apparatus further comprising: 

means for the Web service client presenting to the discovery service a 
service assertion obtained from a second system entity, wherein the service 
assertion comprises a user presence statement [column 6, lines 8-36]; and 

means for the discovery service issuing a new service assertion comprising 
a new user presence statement, the new service assertion and the new user 
presence statement associated with the second system entity [column 6, lines 8- 
36]. 

As to claims 12 and 28, Lin et al discloses that the second system entity is a second Web 
service client [column 6, lines 8-36]. 

As to claims 16 and 32, Lin et al discloses means for testing a request to the Web service 
provider while a user is still present, wherein either or both the discovery service and the Web 
service provider can perform real-time consent informational data collection from a user without 
having actually performed a particular transaction [column 6, lines 8-36]. 

As to claim 17, Lin et al discloses a method for proving authentication when a user is not 
present, the method comprising the steps of: 

a Web service client coupled to a service provider [column 2, lines 41-62]; 
a Web service provider [column 2, lines 41-62]; and 
a discovery service [column 2, lines 41-62]; 
wherein: 
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the Web service client, the service provider, the Web service 
provider, and the discovery service agree to work with each other [column 
2 line 63 to column 3 line 4]; and 

the Web service provider is configured in such a way such that the 
calling Web service client must prove that it has permission to request a 
service from the Web service provider when a live authenticated session 
of the user with the Web service client is not present [column 8, lines 10- 
56]. 

8. Claims 33-44 are rejected under 35 U.S.C. 102(e) as being anticipated by Wells et al U.S. 
Patent No. 6,901,387 B2. 

As to claim 33, Wells et al discloses a method for invoking authenticated transactions on 
behalf of a user when the user is not present, the method comprising the steps of: 

a service provider, at a time when a user is present, asking the user if the 
service provider can perform a particular transaction at a later point in time when 
the user is not present [column 14, lines 30-52], wherein if the user indicates yes, 
then the service provider sending a notification to register with any of, or both of: 
a trusted discovery service [column 3, lines 24-39]; and 
a Web service provider that performs the particular transaction [column 6, 
lines 14-41]; 

wherein while the user is still present, the user can be asked to provide 
informational content related to the particular transaction [column 14, lines 30- 
52]; and 
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for invocation, the service provider making a request of the Web service 
provider to perform the particular transaction [column 14, lines 30-52]. 
As to claims 34 and 40, Wells et al discloses the step of a discovery service checking if 
the user gave permission for contacting the Web service provider when the user is not present 
[column 14, lines 30-52]. Wells et al discloses that if permission is granted, allowing control to 
go to the Web service provider [column 14, lines 30-52]. 

As to claims 35 and 41, Wells et al discloses the method comprising any of the steps of 
the Web service provider: 

trusting the discovery service performed checking for permission and 
accepting that if the discovery service indicates the user gave permission, then the 
Web service provider performing the particular transaction [column 6 line 62 to 
column 7 line 16]; and 

the Web service provider deciding to perform checking for permission, 
and subsequently performing the particular transaction if the Web service 
provider determines permission is granted [column 6 line 62 to column 7 line 16]. 
As to claims 36 and 42, Wells et al discloses the method further comprising the step of 
providing a user capability of reviewing and modifying stored permissions [column 6 line 62 to 
column 7 line 16]. 

As to claims 37 and 43, Wells et al discloses the method comprising the step of providing 
robust security by having trust kept centrally in the discovery service [column 7, lines 24-34]. 
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As to claims 38 and 44, Wells et al discloses the method further comprising the discovery 
service supporting a plurality of different types of Web service providers [column 9, lines 14- 
38]. 

As to claim 39, Wells et al discloses an apparatus for invoking authenticated transactions 
on behalf of a user when the user is not present, the apparatus comprising: 

a service provider, at a time when a user is present, asking the user if the 
service provider can perform a particular transaction at a later point in time when 
the user is not present [column 14, lines 30-52], wherein if the user indicates yes, 
then the service provider sending a notification to register with any of, or both of: 
a trusted discovery service [column 3, lines 24-39]; and 
a Web service provider that performs the particular transaction [column 6, 
lines 14-41]; 

wherein while the user is still present, the user can be asked to provide 
informational content related to the particular transaction [column 14, lines 30- 
52]; and 

for invocation, the service provider making a request of the Web service 
provider to perform the particular transaction [column 14, lines 30-52]. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 3, 4, 19 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Lin et al U.S. Patent No. 6,052,785 as applied to claims 1 and 17 above, and further in view 
of Van Oorschot et al U.S. Patent No. 5,699,431. 

As to claims 3, 4, 19 and 20, Lin et al does not teach that the assertion is signed by an 
authority. Lin et al does not teach that the authority is an identity provider of the discovery 
service. 

Van Oorschot et al teaches signing an assertion (i.e. certificate) by an authority [column 
4, lines 4-24]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Lin et al so that the certificate would have been 
signed by a certificate authority. The certificate authority would have been an identity provider 
of the discovery service. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Lin et al by the teaching of Van Oorschot et al because the 
signature provides a stronger form of security and proves that the certificate is coming from a 
authenticated authority and authenticates the discovery service as well. 
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10. Claims 13, 14, 29 and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Lin et al U.S. Patent No. 6,052,785 as applied to claims 1 and 17 above, and further in 
view of Ramasubramani et al U.S. Patent No. 6,516,316 Bl. 

As to claims 13, 14, 29 and 30, Lin et al does not teach means for the discovery service 
recording and storing user statement information. Lin et al does not teach that the recorded and 
stored user statement information is in the form of a table. 

Ramasubramani et al teaches means for the discovery service recording and storing user 
statement (i.e. certificate) information [column 9 line 55 to column 10 line 14]. Ramasubramani 
et al teaches that the recorded and stored user statement information is in the form of a table 
[column 9 line 55 to column 10 line 14]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Lin et al so that the discovery service would have 
recorded and stored the certificate information. The certificates would have been stored in the 
form of a table. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Lin et al by the teaching of Ramasubramani et al because it 
provides a method that is organized, takes less storage space and more efficient way to store 
certificates. 
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11. Claims 15 and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lin et 
al U.S. Patent No. 6,052,785 as applied to claims 1 and 17 above, and further in view of Yu 
U.S. Patent No. 4,919,545. 

As to claims 15 and 31, Lin et al does not teach means for the Web service provider 
storing a ticket for checking the permission to request a service. 

Yu teaches means for checking permission to a requested service by a ticket [column 6, 
lines 12-32]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Lin et al so that permission to a requested service 
would have been checked by means of a stored ticket. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Lin et al by the teaching of Yu because this method 
provides a stronger form authentication, because without the ticket a client would not have 
access to web services. 
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Conclusion 



12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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